310 matches found
[SECURITY] Fedora 38 Update: vorbis-tools-1.4.2-9.fc38
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor...
Mastering Industrial Cybersecurity: The Significance of Combining Vulnerability Management with Detection and Response
Written by Elad Ben-Meir, CEO SCADAfence, a Honeywell company. In today's digital era, where industries are increasingly reliant on advanced technologies, safeguarding critical infrastructure against cyber threats has become paramount. The convergence of operational technology OT and information...
ROS-20230919-02
Vulnerability of FilePickerShownCallback function in Mozilla Firefox, Firefox ESR and Thunderbird e-mail client Thunderbird is related to memory usage after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...
Backdoor in TETRA Police Radios
Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio TETRA standard used by police forces around the world. The European Telecommunications Standards Institute ETSI, an organization that standardizes technologies across the industry, first created TETRA in...
Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services
Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system DCS and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion D...
CVE-2022-47311
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successfu...
CVE-2022-47311 CVE-2022-47311
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successfu...
CVE-2022-47311
Summary of CVE-2022-47311 (Dataprobe iBoot-PDU): A proprietary iBoot protocol uses control/keepalive commands and authenticates via a username/password stored in the device. If the user does not exist, the device sends a value for username/password, enabling successful authentication for a connec...
PT-2023-15237 · Iboot · Iboot
Name of the Vulnerable Software and Affected Versions: iBoot devices affected versions not specified Description: A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the...
Portion of Twitter’s proprietary source code leaked on GitHub
By Deeba Ahmed Twitter had to file a DMCA request after its source code was found on GitHub. This is a post from HackRead.com Read the original post: Portion of Twitters proprietary source code leaked on GitHub...
Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...
Hackers Exploit Containerized Environments to Steal Proprietary Data and Software
A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...
Highly Sophisticated SCARLETEEL Cloud Attack That Stole Proprietary Data
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The SCARLETEEL attack was a highly sophisticated cloud operation that involved the theft of proprietary data by exploiting a compromised Kubernetes container,...
New BOLDMOVE Backdoor uses FortiOS vulnerability for initial access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A suspected China-nexus campaign has exploited a vulnerability in Fortinets FortiOS SSL-VPN, known as CVE-2022-42475. The exploitation was believed to have occurred as early as October 2022 and the targe...
LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen
The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted...
Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) MVID-2022-0664 Insecure Proprietary Password Encryption
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan-Dropper.Win32.Decay.dxv CyberGate v1.00.0...
CVE-2022-38980
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions...
Heap overflow
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions...
CVE-2022-38980
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions...
PT-2022-24636 · Hwairlink · Hwairlink
Name of the Vulnerable Software and Affected Versions: HwAirlink module affected versions not specified Description: The issue is related to a heap overflow vulnerability in the HwAirlink module when processing data packets of a proprietary protocol. This vulnerability may allow attackers to obta...